Are Email Communications Always Legitimate?

By Jonathan Brisbane

The Perspective
Atlanta, Georgia
December 24, 2007

 

Very recently a Liberian website reported on a purported email which it alleges emanated from Mr. Christopher Nippy, the first secretary for political affairs at the Liberian Embassy in Washington. In the article, the writer raised the question, “Are you blacklisted?” The question was apparently posed to Liberians based on documents in the purported email that the website claims emanated from Mr. Nippy. I am very wary of attributing emails to individuals simply because they bear their email address. I am all too aware that email communication is not secure. It literally takes a few seconds to generate and send an email using someone’s email address. This fraud may lead well-intentioned and unsuspecting individuals to think that the email is indeed from the person. My goal here is not to address the veracity of the email (I have no idea whether the email is legitimate or whether it is a product of fraud) but to use the issue of the purported email to raise the specter of electronic fraud, with emphasis on email fraud.

There are many types of electronic fraud, and email is an inexpensive and popular method for distributing fraudulent messages to potential victims or maligning the reputation of others. The US Secret Service has found that hundreds of millions of dollars are lost annually due to electronic fraud, and the losses continue unabated. Almost everyone who has used email long enough and has bothered to read what many regard as “junk” mail (unsolicited emails) has at one time or another read some email with an unbelievable offer to make you an instant millionaire. Such emails may even offer you shares in reputable and existing Fortune 500 companies simply by sending your credit card information. Some fraud is carried out by people obtaining access to your login name and password. As I read the purported blacklist “shocker”, the thought that occurred to me was whether its veracity had been substantiated by examining such issues as the server of origin, its digital signature, and other anti-electronic fraud tools.

"Phishing" scams are currently the most popular and thus dangerous form of email fraud. They use email messages that appear to come from a legitimate individual or institution, such as your bank or university, and ask you to "verify" your personal information; the scammers then use this information to commit identity theft. You may be asking “How is this possible?” Well, it is very simple. There are several free email client software programs out there. If one knows the email address of another person, all one needs to do is change the settings of the email client when sending out the email so that the person receiving the email thinks that the email is from that person. It would take no more than a few seconds to do so. That is why most people do not give much credence to emails. Most institutions that are wary of this form of phishing will reply to the email and ask the sender to provide an acknowledgement. In this way, the sender would be able to provide the acknowledgement only if they have access to the email account allegedly being used to send the email. An added layer of security is to require that the host server is not one of the public email servers (Gmail, Hotmail, Yahoo, etc.) but an email server associated with an institution; the only way a user could have an email account on an institution’s mail server is by providing some information that has already been validated and verified by the institution that owns the server. That verification is usually more rigorous than that of organizations providing free email accounts to the general public.
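As an added illustration (not part of the original article), the following Python example shows what examining the "server of origin" and signature results can look like for a recipient: it compares the displayed From address with what the receiving mail server itself recorded. The sample message, all hosts and addresses, the function names, and the Postfix-style layout of the Received line are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and result below is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 24 Dec 2007 10:00:00 -0500
Authentication-Results: mx.recipient.example; spf=fail; dkim=none
Authentication-Results: embassy.example.org; spf=pass; dkim=pass
From: "First Secretary" <secretary@embassy.example.org>
To: reader@recipient.example
Subject: Please review the attached list

(body)
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def assess(raw, trusted_authserv):
    """Compare the displayed sender with evidence recorded by our own server."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])        # chosen freely by the sender
    env_dom = domain_of(msg["Return-Path"])  # envelope sender, set at delivery
    # Only the topmost Received line was written by our own server; lower ones
    # arrive with the message. Assumed layout: "from CLAIMED (OBSERVED [IP])".
    received = msg.get_all("Received", [])
    hop = re.match(r"\s*from\s+\S+\s+\((\S+)\s+\[", received[0]) if received else None
    handoff = hop.group(1).lower() if hop else ""
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can add this header too; trust only our server's
        auth.update(re.findall(r"\b(spf|dkim)=(\w+)", results))
    findings = []
    if env_dom != from_dom:
        findings.append(f"envelope sender {env_dom!r} differs from From {from_dom!r}")
    if from_dom and handoff != from_dom and not handoff.endswith("." + from_dom):
        findings.append(f"handed over by {handoff!r}, outside {from_dom!r}")
    for check in ("spf", "dkim"):
        if auth.get(check) != "pass":
            findings.append(f"{check} result: {auth.get(check, 'absent')}")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "auth": auth, "findings": findings}
```

An empty findings list shows only that the message passed through the named domain's servers; it says nothing about who was at the keyboard, so a message sent from a compromised account would still pass.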

An even more insidious and difficult-to-detect form of email fraud is where one has a perfectly legitimate email account with enhanced security features (not a Yahoo, Hotmail, Gmail, or other free public email account with very limited security) and one’s login information becomes compromised. For example, this may happen when someone else gets their hands on your login information or when you do not log off from your email client software. Worse, if you are using a computer accessible to others and the computer stores your login information in cache or you somehow use the “remember” feature to store information entered via a form, other users could readily have access to your private data. There is also freeware available that will record the keystrokes of an unsuspecting user, thereby giving the fraudster access to your private data. A malicious person could then easily assume your identity by using your email account to send out an email of any nature claiming to be you. This is your basic run-of-the-mill identity theft via electronic means. If somehow the fraudster has access to your login information without your knowledge, they could cause you a tremendous amount of grief before you become aware of it.

So what are the basic lessons? If you are undertaking something that requires you to be more security-aware, you should not use or trust emails. Anyone can assume your email identity by sending an email from another host server using a freeware email client application. Physical documents have their own shortcomings, but they are much more reliable than emails when it comes to preventing fraud. Never respond to any message that asks you to send cash or personal information. You won't become a millionaire, and in fact you could get into legal trouble if you become unwittingly involved with one of these scams or take an action based on the contents of a purported email. The same applies to documents generated and circulated via email that purport to emanate from an institution. Always contact the purported source, the institution and the individual concerned, to determine whether the email is legitimate. It is easier to fall prey to email fraud than most other forms of electronic fraud. Remember, mail fraud is a felony in the United States. Do not engage in mail fraud and do not fall prey to it, even unwittingly. You could go to jail for several years if you are the perpetrator, or you could lose a lot of money or unwittingly malign the reputations of others.


© 2007 by The Perspective
E-mail: editor@theperspective.org

